ms.date | ms.topic |
---|---|
01/03/2024 | include |
Configure an internal web server certificate template
Windows clients communicate with AD FS via HTTPS. To meet this need, a server authentication certificate must be issued to all the nodes in the AD FS farm. On-premises deployments can use a server authentication certificate issued by the enterprise PKI. A server authentication certificate template must be configured, so the AD FS nodes can request a certificate.
Sign in to a CA or management workstation with Domain Administrator equivalent credentials.
- Open the Certification Authority management console
- Right-click Certificate Templates > Manage
- In the Certificate Template Console, right-click the Web Server template in the details pane and select Duplicate Template
- Use the following table to configure the template:

Tab Name | Configurations |
---|---|
Compatibility | Clear the Show resulting changes check box<br>Select Windows Server 2016 from the Certification Authority list<br>Select Windows 10 / Windows Server 2016 from the Certification Recipient list |
General | Specify a Template display name, for example Internal Web Server<br>Set the validity period to the desired value<br>Take note of the template name for later, which should be the same as the Template display name minus spaces |
Request Handling | Select Allow private key to be exported |
Subject Name | Select Supply in the request |
Security | Add Domain Computers with Enroll access |
Cryptography | Set the Provider Category to Key Storage Provider<br>Set the Algorithm name to RSA<br>Set the minimum key size to 2048<br>Set the Request hash to SHA256 |

- Select OK to finalize your changes and create the new template
- Close the console
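
To confirm that the saved template matches the table, the following PowerShell check reads the template object from Active Directory and reports each setting. It is an added example, not part of the original procedure: it assumes the RSAT ActiveDirectory module and a template name of `InternalWebServer`, and it uses the template attribute names and flag values defined in the MS-CRTD specification.

```powershell
# Added example: compares a saved template with the settings in the table.
# Assumptions: RSAT ActiveDirectory module; template name "InternalWebServer".
Import-Module ActiveDirectory

$templateName = 'InternalWebServer'   # assumed name; use your own template name
$configNC = (Get-ADRootDSE).configurationNamingContext
$dn = "CN=$templateName,CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
$props = 'msPKI-Minimal-Key-Size', 'msPKI-Certificate-Name-Flag', 'msPKI-Private-Key-Flag',
         'msPKI-RA-Application-Policies', 'pKIExtendedKeyUsage', 'nTSecurityDescriptor'
$t = Get-ADObject -Identity $dn -Properties $props

# Flag values, OID and extended-right GUID as defined for certificate templates (MS-CRTD).
$SuppliesSubject = 0x1      # CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT in msPKI-Certificate-Name-Flag
$ExportableKey   = 0x10     # CT_FLAG_EXPORTABLE_KEY in msPKI-Private-Key-Flag
$ServerAuthOid   = '1.3.6.1.5.5.7.3.1'
$EnrollRight     = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'   # Certificate-Enrollment

# Principals with an explicit allow ACE for Enroll (broader rights such as
# Full Control are not expanded here). 0x100 is the ExtendedRight access bit.
$enrollers = @($t.nTSecurityDescriptor.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $_.ObjectType -eq $EnrollRight -and
    ([int]$_.ActiveDirectoryRights -band 0x100)
} | ForEach-Object { $_.IdentityReference.Value })

# Assumption: CNG settings are stored as Name`Type`Value` triples in this attribute.
$cng = $t.'msPKI-RA-Application-Policies' -join ''

$checks = [ordered]@{
    'Server Authentication EKU'      = ($t.pKIExtendedKeyUsage -contains $ServerAuthOid)
    'Subject: Supply in the request' = [bool]($t.'msPKI-Certificate-Name-Flag' -band $SuppliesSubject)
    'Private key exportable'         = [bool]($t.'msPKI-Private-Key-Flag' -band $ExportableKey)
    'Minimum key size >= 2048'       = ($t.'msPKI-Minimal-Key-Size' -ge 2048)
    'Algorithm name RSA'             = ($cng -match 'msPKI-Asymmetric-Algorithm`PZPWSTR`RSA`')
    'Request hash SHA256'            = ($cng -match 'msPKI-Hash-Algorithm`PZPWSTR`SHA256`')
    'Domain Computers can Enroll'    = [bool]($enrollers -like '*\Domain Computers')
}
$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Setting = $_.Key; AsConfigured = $_.Value }
} | Format-Table -AutoSize

# With "Supply in the request", every enroller chooses the subject names it
# requests, so review the full list rather than only Domain Computers.
'Principals with Enroll: ' + ($enrollers -join ', ')
```

The Provider Category and validity period are not covered by this check; confirm them in the Certificate Template Console.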